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Amendments to the Claims : 
This listing of claims replaces all prior versions and listings of claims in the application: 

Listing of Claims; 



1. (Original) A digital data storage subsystem for storing data in digital form comprising: 

A. a storage medium configured to store digital data; 

B. a storage control module configured to 

i. in response to a storage request requesting storage of digital data, 
receive the digital data that is to be stored in response to the storage request from a source, 
encrypt the received digital data using a selected encryption key and enable the encrypted digital 
data to be stored on the storage medium; and 

ii. in response to a retrieval request requesting retrieval of digital data, 
enable at least one selected portion of the encrypted digital data to be retrieved from the storage 
medium, decrypt the retrieved encrypted digital data using a selected decryption key, and 
provide the decrypted digital data to a destination; and 

C. a sanitization control module configured to, in response to a sanitization 
request, make the decryption key unavailable to the storage control module, thereby disabling the 
storage control module from thereafter decrypting the encrypted digital data stored on the storage 
medium. 

2. (Original) A digital data storage system as defined in claim 1 in which the storage 
medium is a magnetic medium, in which the encrypted digital data is stored in magnetic form. 

3. (Original) A digital data storage system as defined in claim 2 in which the magnetic 
medium is a disk. 
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4. (Original) A digital data storage system as defined in claim 1 in which the storage 
medium is an electronic medium, in which the encrypted digital data is stored in electronic form. 

5. (Original) A digital data storage system as defined in claim 1 in which the storage 
control module is configured to make use of a symmetric key encryption and decryption 
methodology in encrypting the digital data and decrypting the encrypted digital data, 

tip 

6. (Original) A digital data storage system as defined in claim 1 in which the storage 
control module is configured to make use of an asymmetric key encryption and decryption 
methodology in encrypting the digital data and decrypting the enctypted digital data. 

7. (Original) A digital data storage system as defined in claim 1 , the digital data storage 
system further comprising a decryption key store configured to store the decryption key, and the 
storage control module is configured to make use of the decryption key stored in the decryption 
key store in decrypting the encrypted digital data. 

8. (Amended) A digital data storage system as defined in claim 7 in which the 
sanitation control module is configured to make the decryption key unavailable to the storage 
control module by wiping the decryption key from the decryption key store. 

9. (Amended) A digital data storage system as defined in claim 8 in which the 
sanitization control module is configured to wipe the decryption key from the decryption key 
store by erasing the decryption key store. 

10. (Original) A digital-data storage system as defined in claim 1, the digital data storage 
system further comprising a key generator configured to generate the decryption key. 
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1 1 . (Original) A digital data storage system as defined in claim 10 in which the key 
generator module is configured to generate the decryption key from two bit patterns provided 
thereto using a predetermined generation methodology. 

12. (Original) A digital data storage system as defined in claim 1 1 in which the key 
generator module is configured to generate the decryption key by concatenating the bit patterns 




13. (Original) A digital data storage system as defined in claim 1 1 in which the key 
generator module is configured to generate the decryption key by exclusiv^ORing the bit 
patterns together. 



14. (Amended) A digital data storage system as defined in claim 1 1 in which the key 
generator module is configured to store the decryption key in a decryption key store, and the 
sanitization control module is configured to make the decryption key unavailable by making the 
decryption key and at least one of the bit patterns unavailable. 

15, (Original) A computer program product for use in connection with a processor to 
provide a sanitizing subsystem for sanitizing a digital data storage subsystem for storing data in 
digital form, the computer program product comprising: 

A. a storage control module configured to enable the processor to 

i, in response to a storage request requesting storage of digital data, receive 
the digital data that is to be stored in response to the storage request from a source, encrypt the 
received digital data using a selected encryption key and enable the encrypted digital data to be 
stored on the storage medium; and 

ii. in response to a retrieval request requesting retrieval of digital data* enable 
at least one selected portion of the encrypted digital data to be retrieved from the storage 
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medium, decrypt the retrieved encrypted digital data using a selected decryption key, and 
provide the decrypted digital data to a destination; and 

B. a sanitation control module configured to enable the processor to, in response to 
a sanitization request, make the decryption key unavailable to the storage control module, 
thereby disabling the storage control module from thereafter decrypting the encrypted digital 
data stored on the storage medium. 




16. (Original) A computer program product as defined in claim 15 in which the storage 
control module is configured to enable the processor to make use of a symmetric key encryption 
and decryption methodology in encrypting the digital data and decrypting the encrypted digital 
data. 

1 7. (Amended) A computer program product as defined in claim 15 in which the storage 
control module is configured to enable the processor to make use of an asymmetric key 
encryption and decryption methodology in encrypting the digital data and decrypting the 
encrypted digital data. 

18. (Original) A computer program product as defined in claim 15, in which the storage 
control module is configured to enable the processor to make use of the decryption key stored in 
a decryption key store in decrypting the encrypted digital data, 

1 9. (Amended) A computer program product as defined in claim 1 8 in which the 
sanitization control module is configured to enable the processor to make the decryption key 
unavailable to the storage control module by wiping the decryption key from the decryption key 
store. 
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20. (Amended) A computer program product as defined in claim 19 in which the 
sanitization control module is configured to enable the processor to wipe the decryption key from 
the decryption key store by erasing the decryption key store. 

21 . (Original) A computer program product as defined in claim 1 5, the computer 
program product further comprising a key generator configured to enable the processor to 

^ generate the decryption key. 

22. (Original) A computer program product as defined in claim 21 in which the key 
generator module is configured to enable the processor to generate the decryption key from two 
bit patterns provided thereto using a predetermined generation methodology. 

23. (Original) A computer program product as defined in claim 22 in which the key 
generator module is configured to enable the processor to generate the decryption key by 
concatenating the bit patterns together, 

24. (Original) A computer program product as defined in claim 22 in which the key 
generator module is configured to enable the processor to generate the decryption key by 
exclusive-ORing the bit patterns together. 

25. (Amended) A computer program product as defined in claim 22 in which the key 
generator module is configured to enable the processor to store the decryption key in a 
decryption key store, and the sanitization control module is configured to enable the processor to 
make the decryption key unavailable by making the decryption key and at least one of the bit 
patterns unavailable. 

26. (Amended) A method of operating a digital data storage subsystem for storing data 
in digital form, the method comprising: 
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* * : A. a storage control step in which 

i. in response to a storage request requesting storage of digital data, the 
digital data that is to be stored in response to the storage request from a source is received, 
encrypted using a selected encryption key and the encrypted digital data stored on a storage 
medium; and 

ii , in response to a retrieval request requesting retrieval of digital data, 
retrieving at least one selected portion of the encrypted digital data to be retrieved from the 
storage medium, decrypted using a selected decryption key, and the decrypted digital data being 
provided to a destination; and 

B. a sanitization control step in which, in response to a sanitization request, the 
decryption key is made unavailable for decryption, thereby disabling the decryption of the 
encrypted digital data stored on the storage medium. 

27. (Original) A method as defined in claim 26 in which the storage control step 
includes the step of making use of a symmetric key encryption and decryption methodology in 
encrypting the digital data and decrypting the encrypted digital data. 

28. (Original) A method as defined in claim 26 in which the storage control step 
includes the step of making of an asymmetric key encryption and decryption methodology in 
encrypting the digital data and decrypting the encrypted digital data. 

29. (Original) A method as defined in claim 26, in which the storage control step 
includes the step of making use of the decryption key stored in a decryption key store in 
decrypting the encrypted digital data. 

30. (Amended) A method as defined in claim 29 in which the sanitization control step 
includes the step of making 
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3 1 . (Amended) A method as defined in claim 30 in which the sanitization control step 
includes the step of wiping the decryption key from the decryption key store by erasing the 
decryption key store. 

32. (Original) A method as defined in claim 26, the method further comprising a key 
generator step of generating the decryption key. 

33. (Original) A method as defined in claim 32 in which the key generator step includes 
the step of generating the decryption key from two bit patterns provided thereto using a 
predetermined generation methodology. 

34. (Original) A method as defined in claim 33 in which the key generator step includes 
the step of generating the decryption key by concatenating the bit patterns together. 

35. (Original) A method as defined in claim 33 in which the key generator step includes 
the step of generating the decryption key by exclusive-ORing the bit patterns together. 

36. (Amended) A method as defined in claim 33 in which the key generator step 
includes the step of storing the decryption key in a decryption key store, and the sanitization 
control step includes the step of making the decryption key unavailable by making the decryption 
key and at least one of the bit patterns unavailable. 

37. (New) A digital data storage subsystem as defined in claim 1, the digital data storage 
subsystem further comprising a decryption key store configured to store a decryption key, 
wherein the storage control module is configured to allow access to the stored information 
without disclosing the decryption key to the source of the storage request 
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38. (New) A digital data storage subsystem as defined in claim 1, the digital data storage 
subsystem further comprising an interface for communication with a data utilization device over 
a communications link. 

39. (New) A digital data storage subsystem as defined in claim 7, wherein the decryption 
key store is included on the storage medium. 




40. (New) A mass storage subsystem comprising: 

an interface for accepting requests and for passing unencrypted data between a data 
utilization device and the subsystem; 

a store for cryptographic information, wherein the storage subsystem is configured to 
retain the cryptographic information within the storage subsystem; 

a storage control module configured to 

receive a storage request and associated data through the interface and to encrypt 

said data using the cryptographic information prior to passing the encrypted data to a 

storage medium; and 

receive a retrieval request through the interface and to decrypt requested data 

using the cryptographic information prior to passing the decrypted data to the interface; 

and 

a sanitization control module configured to receive a sanitization request and to make at 
least some of the cryptographic information unavailable to the storage control module to prevent 
decryption of at least some of the encrypted data passed to the storage medium. 

4L (New) The mass storage subsystem as defined in claim 40 wherein the store for 
cryptographic information is included on the storage medium. 
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